“There is a time-tested security method that can reliably disarm the IoT threat”
IoT (internet of things) security has now literally become a matter of life and death. “We have seen an avalanche of potentially deadly vulnerabilities in connected devices, and I don’t even want to imagine what could happen if this trajectory continues – but there is a time-tested security method that now has been modified so that it can also reliably disarm the IoT threat,” says Tejas Lagad, country manager for India at identity and security company Nexus Group.
In 2015, Chrysler had to recall of 1.4 million vehicles after a pair of hackers demonstrated that they could remotely hijack a Jeep’s digital systems over the internet.
Hackers took over the car brakes
“They could wirelessly hack into a car and take over dashboard functions, steering, transmission and brakes. For Chrysler, the fix was embarrassing and costly. For Jeep owners, the poor authentication in the remote connection was a matter of life and death,” says Lagad.
A year later, Johnson & Johnson warned doctors and 114,000 patients of a security vulnerability in one of its insulin pumps, which could be exploited to overdose diabetic patients with insulin.
Strong authentication – a necessity
“These are only two of many examples of poor IoT security that have highlighted how utterly important trustworthy authentication has become. Strong authentication is what makes it possible for connected things to communicate securely, and avoid eavesdroppers and hijackers,” says Lagad.
The prospect of someone remotely administering you an overdose or crashing your car with you in it is terrifying for anyone, and some people are arguing that the internet of things will do more harm than good.
Time to go back to security basics
“But is going back to the dark ages really the right answer to the very real dangers that connected things entail? No. Instead, the time has come to go back to security basics. To something tried and tested. To something that has secured the internet over the past 20 years, by enabling HTTPS. It is time to start using public key infrastructure (PKI) for IoT security too,” says Lagad.
The PKI security method enables trusted electronic identities for people and things, which make it possible to implement strong authentication, data encryption and digital signatures.
Published 5/10 2017